master
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE extendedKeyUsage = serverAuth, clientAuth, emailProtection keyUsage=nonRepudiation, digitalSignature, keyEncipherment